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Mathematicians," Rowman & Littlefield, 1987. Table of Contents. 
ART-UNIT: 274 

PRIMARY- EXAMINER: Trammell; James P. 
ASSISTANT-EXAMINER: Rosen; Nicholas David 



ABSTRACT: 

A method and system for facilitating digital commerce using a secure digital 
commerce system is provided. The secure digital commerce system is arranged 
according to a client/server architecture and includes a modularized DCS client and 
DCS server. The DCS client and the DCS server are incorporated into an online 
purchasing system, such as a virtual store, to perform the purchase and online 
delivery of electronic content. The DCS client includes a set of components which 
include a secured copy of the merchandise and various components needed to license 
and purchase the merchandise and to unsecure and process (e.g., execute) the 
licensed merchandise. The DCS client communicates with the DCS server to download 
the components onto a customer's computer system and to license and purchase a 
requested item of merchandise. The DCS server, which includes a content supplier 
server, a licensing and purchasing broker, and a payment processing function, 
supplies merchandise -specific components and licenses the requested item of 
merchandise by generating an electronic certificate. The electronic certificate 
contains license parameters that are specific to the requested merchandise and an 
indicated purchasing option. Once a valid electronic license certificate for the 
requested merchandise is received by the DCS client, the merchandise is made 
available to the customer for use in accordance with the licensing parameters 
contained in the electronic license certificate. 

16 Claims, 21 Drawing figures 
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TITLE: Method and system for securely incorporating electronic information into an 
online purchasing application 



TT.q PATENT NO, (1) : 

Brief Summary Text (2) : 

The present invention relates to facilitating the purchase of electronic -i nf nrma^_inn 
using digi t-al commerce and, in particular, to pr-nv-i ding a component -based 
architecture that facilitates online lirenaing and purchase of dig-ii-al contenh and 
software . 

Detailed Description Text (56) : 

Specifically, in step 2102, the broker determines whether there are more items 
remaining to be processed for the request and, if so, continues in step 2103, else 
finishes processing. In step 2103, the licensing and purchasing broker determines 
whether the item is an ESD item or a non-ESD item. One mechanism used to determine 
whether the item is an ESD or a non-ESD item is to store a flag in the version table 
in the password generation data repository. For each purchasable item 
( Product Skuld) , the version table stores either a password configuration identifier 
or a distributor inf orTnah-l on identifier. In step 2104, if the item is an ESD item, 
then the broker continues in step 2105, else continues in step 2106. In step 2105, 
the broker executes the steps previously discussed with reference to FIG. 12 for 
items that are deliverable online. In step 2106, the broker determines distributor 
contact i nfo-rmahinn for the non-ESD item from a distributo r information table stored 
within a data repository. The distributor i nf ormatinn table for non-ESD transactions 
can be stored along with the password generation tables in the password generation 
data repository or in its own data repository. The distributor informat.ion stored in 
the table includes sufficient location -inf ormat-i on for contacting a distributor from 
whom the item can be purchased using an electronic request. In step 2107, the broker 
obtains preauthorization information for a method of payment specified by the 
customer. It is assumed in this step that such i nf nrma^i on has been already 
obtained. If necessary, however, the broker sends appropriate requests to the code 
that initiated the purchase request (for example, the user interface library) to 
obtain method of payment information from the user and to continue accordingly. 
Preauthorization is necessitated by non-ESD purchases, which require a shipment date 
before the broker is able to charge the purchase to a customer's credit card. The 
preauthorization is performed by the payment processing function (e.g., the payment 
processing function 309 in FIG. 3) . In step 2108, if the purchase is preauthorized, 
then the broker continues in step 2109, else continues in step 2110. In step 2109, 
the broker sends a purchase order to the located distributor for the merchandise 
using a well-known Electronic Data Interchange ("EDI") format and commercial EDI 
products, such as those provided by Digital Corporation. One skilled in the art will 
recognize that any mechanism that allows information for electronically providing a 
purchase order would be operable with the^^gg^g^i^ ; and ^purch step 
2110, the broker returns the results of the preauthorization attempt £0 the^ 
requesting routine, and then returns to the beginning of the loop in step 2101. 
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ART-UNIT: 232 

PRIMARY -EXAMINER: Pan; Daniel H. 



ABSTRACT : 

A system for controlling use and distribution of digital works. The present 
invention allows the owner of a digital work to attach usage rights to their work. 
The usage rights define how the individual digital work may be used and distributed. 
Instances of usage rights are defined using a flexible and extensible usage rights 
grammar. Conceptually, a right in the usage rights grammar is a label associated 
with a predetermined behavior and conditions to exercising the right. The behavior 
of a usage right is embodied in a predetermined set of usage transactions steps. The 
usage transaction steps further check all conditions which must be satisfied before 
the right may be exercised. These usage transaction steps define a protocol for 
requesting the exercise of a right and the carrying out of a right. 
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TITLE: System for controlling the distribution and use of digital works having 
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TTfl PATENT NO, (1) : 
'R-riP^f finmmary Te>xh (21) : 

A system available from Wave Systems Corp. of Princeton, N.Y., provides for metering 
of aof twarg> usage on a personal computer. The system is installed onto a computer 
and collects information on what software is in use, encrypts it and then transmits 
the -inf ormat-ion to a transaction center. From the transaction center, a bill is 
generated and sent to the user. The transaction center also maintains customer 
accounts so that licensing fees may be forwarded directly to the software providers . 
Software operating under this system must be modified so that usage can be 
accounted. 

Detailed Description Text (65) : 

From FIGS. 5 and 6 it is readily observed that a digital work can be represented by 
its component parts as a hierarchy. The description tree for a digital work is 
comprised of a set of related descriptor blocks (d-blocks) . The oontents of each 
d-block is described with respect to FIG. 7. Referring to FIG. 7, a d-block 700 
includes an identifier 701 which is a unique identifier for the work in the 
repository, a starting address 702 providing the start address of the first byte of 
the work, a length 703 giving the number of bytes in the work, a rights portion 704 
wherein the granted usage rights and their status data are maintained, a parent 
pointer 705 for pointing to a parent d-block and child pointers 706 for pointing to 
the child d-blocks In the currently preferred embodiment, the identifier 701 has two 
parts. The first part is a unique number assigned to the repository upon 
manufacture. The second part is a unique number assigned to the work upon creation. 
The rights portion 704 will contain a data structure, such as a look-up table, 
wherein the various information associated with a right is maintained. The 
infnrmatinn required by the respective usage rights is described in more detail 
below. D-blocks form a strict hierarchy. The top d-block of a work has no parent; 
all other d-blocks have one parent. The relationship of usage rights between parent 
and child d-blocks and how conflicts are resolved is described below. 

Detailed Desrription Text (205) : 

The digital work can be played, transferred, or copied. Copies or transfers must be 

on repositories of security level 3 or greater. Copying requires the license 

T.i cense-12'^-Tn issued to the copying repository. None of the rights require fees. 

Detailed Description Text (441) : 

In this scenario, a creator wants to protect the reputation and value of his work by 
making certain requirements on its distributors. He issues licenses to distributors 
that satisfy the requirements, and in turn, promises to reward their efforts by 
assuring that the work will not be distributed over competing channels. The 
distributors incur expenses for selecting the digital work, explaining it to buyers, 
promoting its sale, and possibly for the license itself. The distributor obtains the 
right to enclose the digital work in a shell, whose function is to permit the 
attachment of usage fees to be paid to the distributor in addition to the fees to be 
paid to the creator. 

Detailed Desrription Tevt (514) : 
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In the simplest scenario, when a user wants to print a digital document he issues a 
print command to the user interface. If the document has the appropriate rights and 
the conditions are satisfied, the user agrees to the fee and the document is 
printed. In other cases, the printer may be on a remote repository and it is 
convenient to spool the printing to a later time. This leads to several issues. The 
user requesting the printing wants to be sure that he is not billed for the printing 
until the document is actually printed. Restated, if he is billed at the time the 
print job is spooled but the job is canceled before printing is done, he does not 
want to pay. Another isgiie is that when spooling is permitted, there are now two 
times at which r-i ghta, conditions and fees could be checked: the time at which a 
print job is spooled and the time at which a print is made. As with all usage 
rights, it is possible to have rights that expire and to have rights whose fee 
depends on various conditions. What is needed is a means to check rights and 
conditions at the time that printing is actually done. 
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ABSTRACT : 

Rights management information is used at least in part in a matching, narrowcasting, 
classifying and/or selecting process. A matching and classification utility system 
comprising a kind of Commerce Utility System is used to perform the matching, 
narrowcasting, classifying and/or selecting. The matching and classification utility 
system may match, narrowcast, classify and/or select people and/or things, 
non-limiting examples of which include software objects. The Matching and 
Classification Utility system may use any pre-existing classification schemes, 
including at least some rights management information and/or other qualitative 
and/or parameter data indicating and/or defining classes, classification systems, 
class hierarchies, category schemes, class assignments, category assignments, and/or 
class membership. The Matching and Classification Utility may also use at least some 
rights management information together with any artificial intelligence, expert 
system, statistical, computational, manual, or any other means to define new 
classes, class hierarchies, classification systems, category schemes, and/or assign 
persons, things, and/or groups of persons and/or things to at least one class. 

220 Claims, 98 Drawing figures 
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Rr'if=>f Summary Tg>xt (37) : 

If, for example, you have an auto repair newsletter and you want to create an 
article containing information on auto repair of Ford Bronco vehicles, you may wish 
to look for detailed, three dimensional, step-by-step "blow-up" mechanical images of 
Ford Bronco internal components. Perhaps these are available from hundreds of 
sources (including from private individuals using new, sophisticated rendering 
graphics programs, as well as from engineering graphics firms) . Given the nature of 
your newsletter, you have decided that your use of such images should cost you no 
more than one penny to redistribute per copy in quantities of several thousand- -this 
low cost being particularly important since you will have numerous other costs per 
issue for acquiring rights to other useful digital information products which you 
reuse and, for example, enhance in preparing a particular issue . You therefore wish 
to search and match against rights management rules associated with such 
products- -non- limiting examples of which include: 

Brief Summary Text (55) : 

On the Internet, a d-i gi tal "store" is likely to be many stores with vast resources 
integrating products from many parties. If you were limited to conventional 
classification and matching mechanisms, you would be unable to sift through all the 
material to identify the commercially acceptable, i.e., an item representing the 
right inf OTmatinn ^ at thc^ r-ight price, providing lire^nRR T-ightR that match your 
interests. Certainly, if each digi tal package looks the same, you are at a loss in 
making reasonable decisions. You can't tell one from another just by looking at it. 

Brief Summary Text (111) : 

Looking at FIG. 10, Jill may have used her computer last week to look at inf o-rmat-i nn 
about baseball, volcanoes and Jeeps. With Jill's permission, the electronic 
matchmaker can employ a protected processing environment 154 (schematically shown 
here as a tamper- resistant "chip" within the computer- -but it can be hardware -based, 
software -based, or a combination of hardware and software ) to look at the computer's 
history records and use them to help match Jill up with other kinds of things she is 
or may be interested in. For example, the electronic matchmaker can let an 
electronic publisher or other provider or information gatherer (e.g., market survey 
conductor, etc.) know that Jill is interested in team sports, geology and sports 
utility vehicles with or without more revealing detail--as managed by Jill's choices 
and/or rights management rules and controls executing in her computer's protected 
processing environment 154. The provider can send infn-rmatinn to Jill--either 
automatically or at Jill's request- -about other, related things that Jill may be 
interested in. 

Brief Summary Text (116) : 

The present inventions handle many kinds of important issues and addresses the 
widest range of information a nd rights and automation possibilities. For example, 
the present inventions are capable of handling (but are not limited to) : 

Brief Summary Text (165) : 

Provides fundamentally important commercial and societal rules based filtering to 
identify desired electr-nni n i nf nT^ma^^i nn and/or electronic i nf n^rma^^ nn containers 
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through the use of classification structures, profiling technology, and matching 
mechanisms that harness the vast information opportunities in cyberspace by matching 
r.hf^ information needs of users against commercial and/or societal rules related to 
the use of available information resources, including, for example, commercial 
and/or societal consequences of digital information use imposed as pr-ovirif^r 
requirements and specified through the use of, and enforced by the use of, a trusted 
T-ights management system such as described in "Ginter et al". 

R-r-j pf Summary Tex:t (371) : 

allowing ront^nt provider modification over time of rules and controls to reflect 
sales, new pricing, special discounts, etc. --while limiting this right by rules and 
controls provided by other parties having more senior rights; 

np^ailpd nfifirr-iph-ion Tpvh (291) : 

The matching and classification utility 900 takes the usage inf or-mati on and other 
rights management -inf ormahion received from the VDE nodes and/or other H nf n-rmai-i on 
sources and may create at least one category and may assign at least one node and/or 
user to a cateogry and/or class. In FIG. 47, the matching and classification utility 
900 sends a VDE container 2002 to content provider 2010 with i nf orTnah-i on showing the 
classes of content used by one or more nodes and/or users along with a request that 
the provider 2010 send similar ronhenh back to one or more users 2 001. At least one 
oont-ent provider 2010 then sends at least one VDE container 2004 to user A with 
ronhenh and/or inf or7^a^Ton about available content that may be of interest to user A 
given the history of content usage as reflected in VDE audit records and/or other 
rights management information . In this "push" example, classes of ronhent: ot 
-i nf oTTTiat.ion about available content may be pushed automatically from (a class of) 
ronhent providers to one or more members of class of users and/or nodes. 
Consequently, users do not have to search as intensely, if at all, for content of 
interest to them. 

Detailed Description Text (295) : 

Although the matching and classification utility 900 and/or content provider may 
send "more of the same, " in another example the present inventions support providers 
at least occasionally sending content more distantly related to the user's apparent 
interests to determine if the user's circle of interest might be a little larger 
than that indicated by past usage and other, related rights management information 
alone . 

Detailed Description Text (316) : 

In another example, the matching and classification utility 900 may receive content 
and/or rights management information from providers and go on to create classes of 
oontent and/or content providers in which the classes may be partly defined using 
rights management data. Hon tent on one class may, among other things, be 
distinguished from content in another class by price, payment methods, usage 
opportunities (e.g., available for printing, available for viewing pay-per-use) , 
usage consequences, and/or specific permissions. The matching and classification 
utility 900 may subsequently send a communication, perhaps in a VDE container, to 
providers indicating that they send content in one or more specified classes to at 
least one DBN server. 

Detailed PescTiption Text (317) : 

Non-limiting example FIG. 48 shows that the DBN 2100 may consist of video 2202 
and/or audio 2203 content providers who send certain categories of video and/or 
audio content 2206 to DBN seirvers 2204 ( 1) -2204 (n) based on the categories of content 
each server may specialize in, which, in turn, may be determined at least in part on 
frequency of usage and/or other -r-i ghts management i nf o-rmation sent in VDE containers 
2213 to the matching and classification utility 900, or to a usage clearinghouse 300 
and then to a matching and classification utility 900. (In another example, other 
information may be used as the basis of classification, matching, and selection.) 
The matching and classification utility 900 sends VDE containers 2212 to content 
sources indicating that they should send content in specific categories 2206 to 
specific DBN servers 2204. In turn, each DBN server 2204 (1) -2204 (n) delivers video 
2208 and/or audio 2209 in VDE containers to parties interested in such content . in 
another example, a VDE container may hold both video and audio and/or any other 
content type. 

Detailed Description Text (350) : 

In this example, a content provider 2702 sends a VDE container 2704 to a secure 
directory services 600 asking whether the service can provide a list of individuals 
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in class "AF." The requested class could be any class defined by one or more 
attributes and may be based on usage profiles that include -rights management 
■infn-rmation, non- exhaustive examples of which include price, payment methods 
accepted, permitted operations, meters, and privacy controls. 
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ABSTRACT: 

A system for controlling use and distribution of digital works. The present 
invention allows the owner of a digital work to attach usage rights to their work. 
The usage rights define how the individual digital work may be used and distributed. 
Instances of usage rights are defined using a flexible and extensible usage rights 
grammar. Conceptually, a right in the usage rights grammar is a label associated 
with a predetermined behavior and conditions to exercising the right. The behavior 
of a usage right is embodied in a predetermined set of usage transactions steps. The 
usage transaction steps further check all conditions which must be satisfied before 
the right may be exercised. These usage transaction steps define a protocol for 
requesting the exercise of a right and the carrying out of a right. 
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28 Claims, 20 Drawing figures 
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R-rif^f RnmrnaTY Tpyt (10) : 

A fundamental issue facing the publishing and information industries as they 
consider electronic publishing is how to prevent the unauthorized and unaccounted 
distribution or usage of electronically published materials. Electronically 
published material s are typically distributed in a digital form and recreated on a 
computer based system having the capability to recreate the materials. Audio and 
video recordings, software, books and multimedia works are all being electronically 
published. Companies in these industries receive royalties for each accounted for 
delivery of the materials, e.g. the sale of an audio CD at a retail outlet. Any 
unaccounted distribution of a work results in an unpaid royalty (e.g. copying the 
audio recording CD to another digital medium.) 

Rr-jpf Nummary Tf^yt (12) : 

The most straightforward way to curb unaccounted distribution is to prevent 
unauthorized copying and transmission. For existing materials that are distributed 
in digital form, various safeguards are used. In the case of software, copy 
protection schemes which limit the number of copies that can be made or which 
corrupt the output when copying is detected have been employed. Another scheme 
causes software to become disabled after a predetermined period of time has lapsed. 
A technique used for workstation based software is to require that a special 
hardware device must be present on the workstation in order for the software to run, 
e.g., see U.S. Pat. No. 4,932,054 entitled "Method and Apparatus for Protecting 
Computer Software Utilizing Coded Filter Network in Conjunction with an Active Coded 
Hardware Device." Such devices are provided with the software and are commonly 
referred to as dongles. 

Brief fiiimmary Text (24) : 

A system for controlling use and distribution of digital works is disclosed. A 
digital work is any written, aural, graphical or video based work that has been 
translated to or created in a digital form, and which can be recreated using 
suitable rendering means such as software programs. The present invention allows the 
owner of a digital work to attach usage rights to their work. The usage rights 
define how the digital work may be used and distributed. These usage rights become 
part of the digital work and are always honored. 

Drawing Degrriptinn T^yt (6) : 

FIG. 5 illustrates a r^nntents file layout for a digital work as may be utilized in 
the currently preferred embodiment of the present invention. 

Drawing Description Text (7) : 

FIG. 6 illustrates a contents file layout for an individual digital work of the 
d-igi tal work of FIG. 5 as may be utilized in the currently preferred embodiment of 
the present invention. 

Drawing Description Text (9) : 

FIG. 8 illustrates a description tree for the contents file layout of the d-ig-i ^a1 
work illustrated in FIG. 5. 
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Detailed Dfiscript.inn Tftxt- (46) : 

Herein the terms "digJLtal work", "work" and "^rontent" refer to any work that has 
been reduced to a digital representation. This would include any audio, video, text, 
or multimedia work and any accompanying interpreter (e.g. software) that may be 
required for recreating the work. The term composite work refers to a digital work 
comprised of a collection of other digital works. The term "usage rights" or 
"rights" is a term which refers to rights granted to a recipient of a digital work. 
Generally, these rights define how a digital work can be used and if it can be 
further distributed. Each usage right may have one or more specified conditions 
which must be satisfied before the right may be exercised. Appendix 1 provides a 
Glossary of the terms used herein. 

Dfit-a-j 1 f^d Dfifirriptinn Tf^xt (60) : 

FIG. 4b is an example of a computer system as a rendering system. A computer system 
may constitute a "multi -function" device since it may execute digital works (e.g. 
software programs) and display digital works (e.g. a digitized photograph). 
Logically, each rendering device can be viewed as having it's own repository, 
although only one physical repository is needed. Referring to FIG. 4b, a computer 
system 410 has contained therein a display/execution repository 411. The 
display/ execution repository 411 is coupled to display device, 412 and execution 
device 413. The dashed box surrounding the computer system 410 represents a security 
boundary within which communications are assumed to be secure. The di splay /execution 
repository 411 is further coupled to a credit server 414 to report any fees to be 
billed for access to a digital work and a repository 415 for accessing digital works 
stored therein. 

Detailed nescriptinn Text (63) : 

In the currently preferred embodiment, the f ilf^ information for a digi t-.al work is 
divided into two files: a " non t gn t s " file and a "description tree" £il£. From the 
perspective of a repository, the " contents" file is a stream of addressable bytes 
whose foinnat depends completely on the interpreter used to play, display or print 
the digital work. The description tree file makes it possible to examine the rights 
and fees for a work without reference to the content of the digital work. It should 
be noted that the term description tree as used herein refers to any type of acyclic 
structure used to represent the relationship between the various components of a 
digital work. 

Detailed Description Text (70) : 

The approach for representing digital works by separating description data fr-om 
rontent assumes that parts of a file are contiguous but takes no position on the 
actual representation of content. In particular, it is neutral to the question of 
whether content representation may take an object oriented approach. It would be 
natural to represent content as objects. In principle, it may be convenient to have 
content objects that include the billing structure and rights information that is 
represented in the d-blocks. Such variations in the design of the representation are 
possible and are 

Detailed Description Text (72) : 

Digital works are stored in a repository as part of a hierarchical file system. 
Folders (also termed directories and siib-directories) contain the digital works as 
well as other folders. Digital works and folders in a folder are ordered in 
alphabetical order. The digital works are typed to reflect how the files are used. 
Usage rights can be attached to folders so that the folder itself is treated as a 
digital work. Access to the folder would then be handled in the same fashion as any 
other digi tal work As will be described in more detail below, the rontentg of the 
folder are subject to their own rights. Moreover, file management rights may be 
attached to the folder which define how folder contents can be managed. 

Detailed Description Text (85) : 

Physical integrity refers to the integrity of the physical devices themselves. 
Physical integrity applies both to the repositories and to the protected digital 
works. Thus, the higher security classes of repositories themselves may have sensors 
that detect when tampering is attempted on their secure cases. In addition to 
protection of the repository itself, the repository design protects access to the 
content of digital works . In contrast with the design of conventional magnetic and 
optical devices- -such as floppy disks, CD-ROMs, and videotapes- -repositories never 
allow non-trusted systems to access the works directly. A maker of generic computer 
systems cannot guarantee that their platform will not be used to make unauthorized 
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copies. The manufacturer provides generic capabilities for reading and writing 
information, and the general nature of the functionality of the general computing 
device depends on it. Thus, a copy program can copy arbitrary data. This copying 
issue is not limited to general purpose computers. It also arises for the 
unauthorized duplication of entertainment "software" such as video and audio 
recordings by magnetic recorders. Again, the functionality of the recorders depends 
on their ability to copy and they have no means to check whether a copy is 
authorized. In contrast, repositories prevent access to the raw data by general 
devices and can test explicit rights and conditions before copying or otherwise 
granting access. Information is only accessed by protocol between trusted 
repositories . 

r)pha-ilf*d Df^Rnriptinn Teyt (87) : 

Behavioral integrity refers to the integrity in what repositories do. What 
repositories do is determined by the software that they execute. The integrity of 
the software is generally assured only by Jcnowledge of its source. Restated, a user 
will trust software purchased at a reputable computer store but not trust software 
obtained off a random (insecure) server on a network. Behavioral integrity is 
maintained by requiring that repository software be certified and be distributed 
with proof of such certification, i.e. a digital certificate. The purpose of the 
certificate is to authenticate that the software has been tested by an authorized 
organization, which attests that the software does what it is supposed to do and 
that it does not compromise the behavioral integrity of a repository. If the d-i gi tal 
certificate cannot be found in the digital work or the master repository which 
generated the certificate is not known to the repository receiving the soft ware, 
t-hen the software cannot be installed. 

Detailed Description Text (93) : 

The storage system 1207 is further comprised of descriptor storage 1203 and content 
storage 1204. The description tree storage 1203 will store the description tree for 
the digital work and the content storage will store the associated rontenh . The 
description tree storage 1203 and content storage 12 04 need not be of the same type 
of storage medium, nor are they necessarily on the same physical device. So for 
example, the descriptor storage 12 03 may be stored on a solid state storage (for 
rapid retrieval of the description tree information) , while the content storage 1204 
may be on a high capacity storage such as an optical disk. 

Detailed Description Text (136) : 

The File management rights enable the making and restoring of backup copies in a way 
that respects usage rights, honoring the requirements of both the copy owner and the 
rights grantor and revenue owner. Backup copies of work descriptions (including 
usage rights and fee data) can be sent under appropriate protocol and usage rights 
control to other document repositories of sufficiently high security. Further rights 
permit organization of digital works into folders which themselves are treated as 
digital works and whose contents may be "hidden" from a party seeking to determine 
the ront,ent:s of a repository. 

Detailed Description Text (205) : 

The digital work can be played, transferred, or copied. Copies or transfers must be 
on repositories of security level 3 or greater. Copying requires the lioense 
License-123-ID issued to the copying repository. None of the rights require fees. 

Detailed Description Text (273) : 

To prevent loss of data, the server should not delete any transferred digital work 
until receiving the final acknowledgement from the requester. But it also should not 
use the file. A well known way to deal with this situation is called "two-phase 
commit" or 2 PC. 

Detailed Description Text (300) : 

The requester records the digital work contents, data, usage rights, and loan period 
and stores the work. 

Detailed Description Text (303) : 

The server updates the usage rights data fo r t-he d -jg-it-al work. This may preclude use 
of the work until it is returned from the loan. The user on the requester platform 
can now use the transferred copies of the digital work. A user accessing the 
original repository cannot use the digital work, unless there are copies remaining. 
What happens next depends on the order of events in time. 
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Dfit.ailf>d Df^ac;riptiQn Text: (345) : 

The server verifies that t-he rontents file is available (i.e. a digital work 
corresponding to the request has been backed-up.) If it is not, it ends the 
transaction with an error. 

neta-iled Deac;ription Text (368) : 

The requester sends the server a message to initiate a Folder transaction. This 
message indicates the folder that is the root of the folder request, the version of 
the folder right for the transaction, an operation, and data. The operation can be 
one of create, rename, and move file. The data are the specifications required for 
the operation, such as a specification of a folder or digital work and a name. 

Detailed DegC!ription Text (388) : 

An Edit transaction is a request to revise a digital work by copying, selecting and 
modifying portions of an existing digital work. This operation can actually change 
the content H nf a digital work. The kinds of changes that are permitted depend on 
the process being used. Like the extraction operation, edit operates on portions of 
a digital work. In contrast with the extract operation, edit does not effect the 
rights or location of the work. It only changes the contents. The kinds of changes 
permitted are determined by the type specification of the processor specified in the 
rights. In the currently preferred embodiment, an edit transaction changes the work 
itself and does not make a new work. However, it would be a reasonable variation to 
cause a new copy of the work to be made. 

Detailed Dearription Text (392) : 

The requester uses the process to change the contents of the digital work as 
desired. (For example, it can select and duplicate parts of it; combine it with 
other information; or compute functions based on the information. This can amount to 
editing text, music, or pictures or taking whatever other steps are useful in 
creating a derivative work.) 

neta-iled DeHcr-j pt i on Text (398) : 

A usage right can specify an authorization- ID, which identifies an authorization 
object (a digital work in a file of a standard format) that the repository must have 
and which it must process. The authorization is given to the generic authorization 
(or ticket) server of the repository which begins to interpret the authorization. 

Deta-iled DeRrTi p^ i nn Texl- (407) : 

An Install transaction is a request to install a digi tal work as runnable software 
on a repository. In a typical case, the requester repository is a rendering 
repository and the software would be a new kind or new version of a player. Also in 
a typical case, the software would be copied to file system of the requester 
repository before it is installed. 

neta-iled Defic-ription Text (410) : 

The requester extracts a copy of the digital certificate for the software , if the 
certificate cannot be found or the master repository for the certificate is not 
known to the requester, the transaction ends with an error. 

Detailed Desoription Text (411) : 

The requester decrypts the digital certificate using the public key of the master 
repository, recording the identity of the supplier and creator, a key for decrypting 
the software, the compatibility information, and a tamper- checking code. (This step 
certifies the software.) 

Detailed Desr.ript i on Text (420) : 

The requester extracts a copy of the d-i g-i tal certificate for the software , if the 
certificate cannot be found or the master repository for the certificate is not 
known to the requester, the transaction ends with an error. 

Deta-iled Description Text (422) : 

The requester decrypts the digital certificate using the piiblic key of the master 
repository, recording the identity of the supplier and creator, a key for decrypting 
the software, the compatibility information, and a tamper- checking code. (This step 
authenticates the certification of the software, including the script for 
uninstalling it.) 

Deta-iled Descr-i pt-j on Text (441) : 

In this scenario, a creator wants to protect the reputation and value of his work by 
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making certain requirements on its distributors. He isauea licensfts to distributors 
that satisfy the requirements, and in turn, promises to reward their efforts by- 
assuring that the work will not be distributed over competing channels. The 
distributors incur expenses for selecting the digital work, explaining it to buyers, 
promoting its sale, and possibly for the license itself. The distributor obtains the 
right to enclose the digital work in a shell, whose function is to permit the 
attachment of usage fees to be paid to the distributor in addition to the fees to be 
paid to the creator. 

^>R^a^1pd Df^Ftrri pt i on Text (469) : 

In this scenario, several first creators create works. A second creator makes a 
selection of these, publishing a collection made up of the parts together with some 
new interstitial material. (For example, the digital work could be a selection of 
music or a selection of readings.) The second creator wants to continue to allow 
some of the selected works to be extractable, but not the interstitial_mat£riaJ.. 

Dptailf^d Description Text (538) : 

A structure which describes the location of content and the usage rights and usage 
fees for a digital work. A description tree is comprised of description blocks. Each 
description block corresponds to a digital work or to an interest (typically a 
revenue bearing interest) in a digital work. 

Detailed Description Text (563) : 

A special type of description block designating an interest in a digital work, but 
which does not add content . This will typically be added by a distributor of a 
digital work to add their fees. 

DRtailed Description Paragraph Table (2) : 

TABLE 2 REPOSITORY SECURITY LEVELS Level 

Description of Security 0 Open system. 

Document transmission is unencrypted. No digital certificate is required for 
identification. The security of the system depends mostly on user honesty, since 
only modest knowledge may be needed to circumvent the security measures. The 
repository has no provisions for preventing unauthorized programs from running and 
accessing or copying files. The system does not prevent the use of removable storage 
and does not encrypt stored files. 1 Minimal security. Like the previous class 
except that stored files are minimally encrypted, including ones on removable 
storage. 2 Basic security. Like the previous class except that special tools and 
knowledge are required to compromise the programming, the contents of the 
repository, or the state of the clock. All digital communications are encrypted. A 
digital certificate is provided as identification. Medium level encryption is used. 
Repository identification number is unf orgeable . 3 General security. Like the 
previous class plus the requirement of special tools are needed to compromise the 
physical integrity of the repository and that modest encryption is used on all 
transmissions. Password protection is required to use the local user interface. The 
digital clock system cannot be reset without authorization. No works would be stored 
on removable storage. When executing works as programs, it runs them in their own 
address space and does not give them direct access to any file storage or other 
memory containing system code or works . They can access works only through the 
transmission transaction protocol . 4 Like the previous class except that high level 
encryption is used on all communications. Sensors are used to record attempts at 
physical and electronic tampering. After such tampering, the repository will not 
perform other transactions until it has reported such tampering to a designated 
server. 5 Like the previous class except that if the physical or digital attempts at 
tampering exceed some preset thresholds that threaten the physical integrity of the 
repository or the integrity of digital and cryptographic barriers, then the 
repository will save only document description records of history but will erase or 
destroy any digital identifiers that could be misused if released to an unscrupulous 
party. It also modifies any certificates of authenticity to indicate that the 
physical system has been compromised. It also erases the contents of designated 
documents. 6 Like the previous class except that the repository will attempt 
wireless communication to report tampering and will employ noisy alarms. 10 This 
would correspond to a very high level of security. This server would maintain 
constant communications to remote security systems reporting transactions, sensor 
readings, and attempts to circumvent security. 



other Refprenoe Publication (19) : 

Simmel, S.S., and Godard, I., "Metering and Licensing of Resources: Kala*s General 
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Purpose Approach," IMA Intellectual Property Project Proceedings, Jan. 1994, vol. 1, 
Issue 1, pp. 81-110. 

CLAIMS : 

8 . The distribution system as recited in claim 1 wherein said digital work is a 
software program. 

9. The distribution system as recited in claim 8 wherein said grammar is further for 
creating instances of a usage right indicating that said possessor of said digital 
work is able to install said software program. 

10 . The distribution system as recited in claim 8 wherein said grammar is further 
for creating instances of a usage right indicating that said possessor of said 
Higi tal work is able to uninstall said software program. 

17. The computer based system for controlling distribution and use nf d-ig-ltal works 
as recited in claim 14 wherein said grammar is further comprised of a third 
plurality of grammar elements for defining file management usage rights. 

21. The computer based system for controlling distribution and use of digital works 
as recited in claim 14 wherein said grammar is further comprised of a fifth 
plurality of grammar elements for enabling the secure installation and 
uninstallation of digital works comprising of software programs. 
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